Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
Installation failed:
org.codehaus.jackson.map.JsonMappingException: Can not instantiate value of type [simple type, class com.netscape.certsrv.system.ConfigurationRequest] from JSON String; no single-String constructor/factory method
Please check the CA logs in /var/log/pki/pki-tomcat/ca.
Errors in the pki-tomcat debug log:
2018-10-09 17:26:38 [https-jsse-nio-8443-exec-7] ERROR: RESTEASY002005: Failed executing POST /installer/configure
org.jboss.resteasy.spi.ReaderException: org.codehaus.jackson.map.JsonMappingException: Can not instantiate value of type [simple type, class com.netscape.certsrv.system.ConfigurationRequest] from JSON String; no single-String constructor/factory method
at org.jboss.resteasy.core.MessageBodyParameterInjector.inject(MessageBodyParameterInjector.java:184)
at org.jboss.resteasy.core.MethodInjectorImpl.injectArguments(MethodInjectorImpl.java:91)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:114)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.codehaus.jackson.map.JsonMappingException: Can not instantiate value of type [simple type, class com.netscape.certsrv.system.ConfigurationRequest] from JSON String; no single-String constructor/factory method
at org.codehaus.jackson.map.deser.std.StdValueInstantiator._createFromStringFallbacks(StdValueInstantiator.java:379)
at org.codehaus.jackson.map.deser.std.StdValueInstantiator.createFromString(StdValueInstantiator.java:268)
at org.codehaus.jackson.map.deser.BeanDeserializer.deserializeFromString(BeanDeserializer.java:765)
at org.codehaus.jackson.map.deser.BeanDeserializer.deserialize(BeanDeserializer.java:585)
at org.codehaus.jackson.map.ObjectMapper._readValue(ObjectMapper.java:2704)
at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1315)
at org.codehaus.jackson.jaxrs.JacksonJsonProvider.readFrom(JacksonJsonProvider.java:419)
at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:61)
at org.jboss.resteasy.core.interception.ServerReaderInterceptorContext.readFrom(ServerReaderInterceptorContext.java:60)
at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:53)
at org.jboss.resteasy.plugins.interceptors.encoding.GZIPDecodingInterceptor.aroundReadFrom(GZIPDecodingInterceptor.java:59)
at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:55)
at org.jboss.resteasy.core.MessageBodyParameterInjector.inject(MessageBodyParameterInjector.java:151)
... 62 more
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
Here is the full log tarball - you can always find it on the 'Logs & Assets' tab for openQA tests (unless it's an old test and it's been garbage-collected). The version of FreeIPA in current F28 stable, that was used in the test, is 4.7.0-3.fc28 .
For the record, we looked into this and we believe the problem is that this update is missing tomcatjss 7.3.6. That got put into its own update, when it should have been part of this one. The new pki bits apparently require the new tomcatjss. The corresponding F29 update does include tomcatjss, and that passed testing.
@dmoluguw is going to do a tomcatjss 7.3.6-2 build and edit it into this update, overriding the separate tomcatjss 7.3.6-1 update. At that point the tests will automatically re-run and hopefully will pass.
For the record, the openQA tests do now pass. Sorry for the delay. I re-ran them a week or so ago but they ran into an unrelated test issue; I fixed that and re-ran them last night and now they passed. Obviously whatever the CI is catching isn't encountered in the openQA tests for some reason...
This update has been submitted for testing by dmoluguw.
This update has obsoleted pki-core-10.6.6-2.fc28, and has inherited its bugs and notes.
This update has been pushed to testing.
This seems to have broken FreeIPA. Error:
Errors in the pki-tomcat debug log:
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
Can you provide us more info: - Which version of FreeIPA does this update break? - Can we get more access to the logs?
Here is the full log tarball - you can always find it on the 'Logs & Assets' tab for openQA tests (unless it's an old test and it's been garbage-collected). The version of FreeIPA in current F28 stable, that was used in the test, is 4.7.0-3.fc28 .
For the record, we looked into this and we believe the problem is that this update is missing tomcatjss 7.3.6. That got put into its own update, when it should have been part of this one. The new pki bits apparently require the new tomcatjss. The corresponding F29 update does include tomcatjss, and that passed testing.
@dmoluguw is going to do a tomcatjss 7.3.6-2 build and edit it into this update, overriding the separate tomcatjss 7.3.6-1 update. At that point the tests will automatically re-run and hopefully will pass.
As per our discussion, tomcatjss 7.3.6-1 will be hitting stable within a day. So, we will be rerunning the ipa tests once it gets pushes to stable.
Reason: To keep the tomcatjss' release number in sync with Fedora releases.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
@adamwill, can you rerun the FreeIPA test since tomcatjss-7.3.6-1.fc28 is now available in stable?
pki-core 10.6.7 causes some FreeIPA CI jobs to fail.
http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/810bd274-d84b-11e8-8b76-fa163e2ec43b/
spawn log
Commit https://github.com/dogtagpki/pki/commit/17677ae4d2cda456b64ec67e2b25ba63f4a58a70 removed the token check from
generate_self_signed_certificate
but not fromverify_certificate_exists
.https://pagure.io/dogtagpki/issue/3073
Indeed, failing IPA in a stable Fedora release should not be allowed.
This update has been obsoleted.
For the record, the openQA tests do now pass. Sorry for the delay. I re-ran them a week or so ago but they ran into an unrelated test issue; I fixed that and re-ran them last night and now they passed. Obviously whatever the CI is catching isn't encountered in the openQA tests for some reason...